Re: Zone Alarm and Cisco VPN difficulty.

Thanks Moderator, but that's not very helpful.

I could understand the need for tweaking if I wanted to run a tight firewall, but with ZA SHUTDOWN you can't tell me there's a configuration issue. It must be some fundamental conflict which hasn't been seen before and which isn't addressed in your QA cycle.

I'm sure you can imagine what would happen if I brought my personal laptop to our IT department and told them Cisco VPN only runs when ZA is uninstalled. They'll say: "well, uninstall it."

Re: Zone Alarm and Cisco VPN difficulty.

OK, VPN configuration is very tricky. It's not just install it and go for ZA.

What you need to do (in both cases) is take your PC with the VPN and ZA installed into your place of work and have your I.T. dept configure ZA properly to work with your VPN.

We tested the Cisco VPN solution on ZA before every release during our regular QA cycle and there were no problems.

Every VPN is set up differently, and many times you can install ZA and we just work fine out of the box, but other times, due to how the VPN was set up and deployed at the individual workplace, it needs to be troubleshot and configured by the I.T. professionals who set up the VPN.

Forum Moderator

Sorry I agree with Lucus, this isn't very helpful since I am in the IT department who set up the VPN....

~~snip~~

The client log file just isn't throwing anything useful up, and watching the firewall shows the packets are not hitting the firewall but getting discarded at the client end by the VPN client.

I'm putting in a change request at work to get a secondary route on the VPN (via another site) to use IPSEC over TCP in place of the existing UDP connection. Once up, this may shine some more light on the issue...

Last edited by fax; June 2nd, 2010 at 12:29 AM.
Reason: offtopic - please stick to the issue. Thanks.

The VPN client connects and is able to access workplace resources, via UDP or TCP connection.

With Zone Alarm installed -
Allow uncommon protocols at high security - checked
Program Control set to full allow for both Trusted and Internet Access, and Trusted and Internet Server.
Trusted Zone entries for the IP address of the VPN device, and two of the internal subnets.

VPN connection over TCP - will not connect, Cisco reason 414

VPN connection over UDP - connects, but unable to reach workplace resources, all packets either bypass the client, or are discarded.

I am the VPN unit administrator, I have set up several of these connections with Zone Alarm Free in the past. I have never run into a situation where even establishing the trusts in ZA prevents the VPN client from encapsulating the traffic.

Once the tool is running, check ALL the boxes in the LOGGING section only.
DO NOT make any other changes.
Now click OK
You will be told you need to restart your PC.

Shut down and reboot your PC

After your PC is rebooted, go ahead and attempt to make a VPN connection and try to access what does not work for you.

Once it has failed, open the Diagnostics Tool again.

Now click the Upload Data button
Enter your email address in the email field.
Enter the following text in the Case Number field: CISCOVPN

Click the OK button.

Depending on how large the logs are and the speed of your system and internet connection, it will now compress all your logs into a CAB file and upload them to our server. Once you get a successful message after the upload, reply back here to let me know.